Hacker Halted Blog (US) » Keynote Speakers

Amit Yoran | Netwitness Corporation

Leonard — Thu, 13 Aug 2009 15:13:51 +0000

Amit Yoran has been serving as Chairman and CEO of NetWitness since November of 2006. Prior to NetWitness, he was appointed as Director of the US-CERT and National Cyber Security Division of the Department of Homeland Security, and as CEO and advisor to In-Q-Tel, the venture capital arm of the CIA. Formerly Mr. Yoran served as the Vice President of Worldwide Managed Security Services at the Symantec Corporation. Mr. Yoran was the co-founder of Riptech, a market leading IT security company, and served as its CEO until the company was acquired by Symantec in 2002. He served as an officer in the United States Air Force in the Department of Defense’s Computer Emergency Response Team. Mr. Yoran serves as a commissioner on the CSIS Commission on Cyber Security for the 44th Presidency and numerous other industry advisory bodies.

Topic: TBA

Jeff Bardin | Treadstone 71

Leonard — Thu, 13 Aug 2009 15:10:37 +0000

Managing Director

Treadstone 71

Jeff has held Top Secret clearances while breaking codes and ciphers and performing Arabic language translations serving in the USAF and at the NSA, and also served as an Armored Scout Platoon Leader and Army Officer. He has worked in leadership positions Fortune 100 organizations. Jeff also has international experience in the greater Mediterranean region and the Kingdom of Saudi Arabia.

Jeff received the 2007 RSAÆ Conference award for Excellence in the Field of Security Practices. The Bardin-led security team also won the 2007 SC Magazine Award for Best Security Team. Jeff has served as the CSO/CISO for Fortune 1000 firms and is the principal for Treadstone 71. Jeff was most recently the Director of Risk Management at EMC. He has published several articles, is working to publish his first book, and sits on security advisory boards. Jeff holds CISSP, CISM, CHS, and NSA IAM certifications.

Topic:

Cloud Security – Ensuring you are protected

Cloud Computing is becoming a norm as business move to speed technology deployments, transfer risk, and reduce costs. This session discusses what questions to ask of your cloud provider to ensure the service you expect is truly being provided.† We will cover the types of cloud providers, examine current contracts and terms of service and what this means to you with respect to regulatory and statutory requirements and risk. Many cloud providers offer their service on a ‘use at own risk basis’ providing what seems to be nothing more than a low level availability guarantee with no compensation recompense.† How will you governance this and other such cloud IT contracts? Is a self-direct SAS 70 or ISO27001 certification on the site enough to reduce the enterprise risk presented to your organization? Examine if and what you can and should move to Cloud Computing and when.

Dr. Herbert H. Thompson | People Security

Leonard — Thu, 13 Aug 2009 15:08:13 +0000

Dr. Herbert “Hugh” Thompson is Chief Security Strategist at People Security (www.peoplesecurity.com) and a world-renown expert in application security. He has co-authored four books on the topic including, How to Break Software Security: Effective Techniques for Security Testing (with Dr. James Whittaker, published by Addison-Wesley, 2003), and The Software Vulnerability Guide (with Scott Chase, published by Charles River 2005). In 2006 he was named one of the “Top 5 Most Influential Thinkers in IT Security” by SC Magazine. As Chief Security Strategist at People Security he heads the company’s security education program and also directs research projects for some of the world’s largest corporations. He earned his Ph.D. in Applied Mathematics and is an adjunct professor of Computer Science at Columbia University in New York.

Ira Winkler | ISAG

Leonard — Thu, 13 Aug 2009 15:03:55 +0000

President & Acting CEO

ISAG

Mr. Winkler is recognized as one of the world’s experts in Internet security, information warfare, information-related crime investigation, and industrial espionage. He is a specialist in penetration testing, where he infiltrates companies, both technically and physically, to find and repair an organization’s weaknesses.

Prior to becoming founder and president of the Internet Security Advisors Group (ISAG), Mr. Winkler was Director of Technology at the International Computer Security Association (ICSA). ICSA (www.icsa.net) is a leading provider of security assurance, product certification, training, and information services, also functioning as an industry association with several thousand members. At the ICSA, Mr. Winkler was responsible for managing the Association’s laboratories and led the team establishing certification criteria for Internet firewalls.

Mr. Winkler began his career at the National Security Agency (NSA), where he performed cryptanalysis and was responsible for systems design and implementing security elements in intelligence collection and analysis systems. Subsequent to his work at the NSA, he served as a consultant with government contractors, designing and implementing security systems throughout the intelligence community. While working with the government, he realized how vulnerable large computer systems are to unauthorized entry and alteration, and that this problem could cost businesses billions of dollars annually.

Mr. Winkler is the author of Corporate Espionage, (Prima Publishing, 1997), which describes the challenges of doing business in the digital age. He is the co-author of a new bestseller, Through the Eyes of the Enemy, which details the intelligence aspect of the cold war and the emergence of the Russian mafia as a national security threat. He has also written more than 70 articles and white papers on corporate security issues.

Topic:

TBA

Prof. Howard Schmidt | Information Security Forum

Leonard — Thu, 13 Aug 2009 14:58:03 +0000

CEO

Information Security Forum (ISF)

Howard A. Schmidt has had a long distinguished career in defense, law enforcement and corporate security spanning almost 40 years. He has served as Vice President and Chief Information Security Officer and Chief Security Strategist for online auction giant eBay. He most recently served in the position of Chief Security Strategist for the US CERT Partners Program for the National Cyber Security Division, Department of Homeland Security.

He retired from the White House after 31 years of public service in local and federal government. He was appointed by President Bush as the Vice Chair of the Presidentís Critical Infrastructure Protection Board and as the Special Adviser for Cyberspace Security for the White House in December 2001. He assumed the role as the Chair in January 2003 until his retirement in May 2003.

Prior to the White House, Howard was chief security officer for Microsoft Corp., where his duties included CISO, CSO and forming and directing the Trustworthy Computing Security Strategies Group.

Topic:

TBA

Dave Litchfield | NGS Software

Leonard — Thu, 13 Aug 2009 14:54:45 +0000

Chief Research Scientis

NGS Software

David Litchfield is recognized as one of the world’s leading authorities on database security. He is the author of Oracle Forensics, the Oracle Hacker’s Handbook, the Database Hacker’s Handbook and SQL Server Security and is the co-author of the Shellcoder’s Handbook. He is a regular speaker at a number of computer security conferences and has delivered lectures to the National Security Agency, the UK’s Security Service, GCHQ and the Bundesamt für Sicherheit in der Informationstechnik in Germany. David is a CHECK team leader and holds SC clearance.

In 2003 David was voted as the “Best Bug Hunter” by Information Security Magazine. He has found and help to fix 24 security flaws in SQL Server, including the vulnerability that was exploited by Slammer, 17 in IBM’s DB2, 22 in Informix and over 100 in Oracle. In February 2008 David discovered a new class of vulnerability in Oracle that can lead to “Lateral SQL Injection” and, in the November of 2006, another new class of vulnerability in the same RDBMS that can lead to “cursor snarfing” attacks. Both are general programming flaws, that can lead to data compromise. David pioneered major advancements in Oracle forensics and has authored 6 technical papers since March 2007 on the topic.

David is Chief Research Scientist at NGSSoftware, a UK computer security services and software company he founded in 2001. NGSSoftware was acquired by NCC Group in November 2008. In 2007 NGSSoftware was awarded the Queen’s Award for Enterprise, and was listed as one of the UK’s fasted growing tech companies by both Deloitte and the Sunday Times. NGSSoftware was winner in the Best Security Company category in the 2008 European SC Magazine Awards and runner up in 2007. Previously David was Director of Research at @stake after his first company, Cerberus Information Security, was acquired in July 2000.

In May, David was named the “Entrepreneur of the Year” at the South London Business Awards 2008.

Prior to starting a career in computer security David competed as a track and field athlete for Scotland. He was the Scottish Under 20 Champion for both the long jump and decathlon and is the holder of the Scottish Schools Indoor record for long jump.

Topic:

TBA

Certified Ethical Hacker and Presenter @ Hacker Halted USA 2009 to Present EC-Council Webcast on Role of SIEM in Forensic Investigations

Leonard — Sun, 31 May 2009 13:47:47 +0000

Eric Knight C|EH, CISSP is a Senior Knowledge Engineer at LogRhythm Inc. As a preview to his presentation at Hacker Halted USA, Eric will be describing the main components of a SIEM deployment and why they are important to handling data related to investigations. SIEMs have multiple logical and physical components that collect, categorize and reduce data into meaningful events to display on the dashboard while retaining the original log data for compliance and possible future use in investigations. Scalability is accomplished using specialized servers, collectors, and host-resident agents. Components that manage the information are also critical, as lost information, improperly collected data and logs that cannot be processed can hamper an investigation.

Security Information/Event Management (SIEM) solutions are being installed by organizations around the world to identify increasingly complicated and frequent threats — both external and internal. By establishing a well-constructed centralized security intelligence system that collects information from critical infrastructure, SIEMs offer visibility into the security and operational posture of an organizations IT environment. The security state is presented in real time using simple yet powerful dashboards that provide a launching point for investigations.

Date: June 4, 2009

Time: 9:00AM (EST – New York Time)

Keynote Speaker for Hacker Halted USA participated in recently released Cyberspace Security Recommendation Document for US President-Elect.

Leonard — Sun, 31 May 2009 13:33:42 +0000

Professor Howard Schmidt, President and CEO of the Internet Security Forum (ISF) was one of the Senior Advisers to the Commission for the recently released “Report of the CSIS Commission on Cybersecurity for the 44th Presidency“.

The Commission was co-chaired by Mr. James R. Langevin, Chairman of the Homeland Security Subcommittee on Emerging Threats, Cyber Security and Science and Technology; Mr. Michael T. McCaul, Ranking Member on Subcommittee on Emerging Threats, Cyber Security and Science and Technology; Mr. Scott Charney, Vice President for Trustworthy Computing, Microsoft Corporation; and Lt. General Harry Raduege, USAF (Ret), Chairman, Center for Network Innovation, Deloitte & Touche LLP. Read more HERE.

Professor Schmidt is one of the Keynote Speakers for Hacker Halted USA 2009, hosted by EC-Council. He has had a long distinguished career in defense, law enforcement and corporate security spanning almost 40 years, including serving as the Special Adviser for Cyber Security at the U.S. White House. Read detailed bio HERE.